RAITM. Chatterjee1 Public Key Algorithms ……... RAITM. Chatterjee2 Public Key Cryptography Two keys Private key known only to individual Public key available.

RAIT M. Chatterjee 1

Public Key Algorithms……..

RAIT M. Chatterjee 2

Public Key Cryptography Two keys

Private key known only to individual Public key available to anyone

Idea Confidentiality:

encipher using public key, decipher using private key

Integrity/authentication: encipher using private key, decipher using public one

RAIT M. Chatterjee 3

Requirements

1. Given the appropriate key, it must be computationally easy to encipher or decipher a message

2. It must be computationally infeasible to derive the private key from the public key

3. It must be computationally infeasible to determine the private key from a chosen plaintext attack

RAIT M. Chatterjee 4

Public-Key Cryptography public-key/two-key/asymmetric

cryptography involves the use of two keys: a public-key, which may be known by

anybody, and can be used to encrypt messages, and verify signatures

a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures

RAIT M. Chatterjee 5

Public-Key Cryptography is asymmetric because

those who encrypt messages or verify signatures cannot decrypt messages or create signatures

RAIT M. Chatterjee 6

Public-Key Cryptography

RAIT M. Chatterjee 7

Why Public-Key Cryptography? developed to address two key issues:

key distribution – how to have secure communications in general without having to trust a KDC with your key

digital signatures – how to verify a message comes intact from the claimed sender

public invention due to Whitfield Diffie & Martin Hellman at Stanford in 1976 known earlier in classified community

RAIT M. Chatterjee 8

Public-Key Applications can classify uses into 3 categories:

key exchange (of session keys) encryption/decryption (provide

secrecy) digital signatures (provide

authentication) some algorithms are suitable for all

uses, others are specific to one

RAIT M. Chatterjee 9

Security of Public Key Schemes like private key schemes brute force

exhaustive search attack is always theoretically possible

but keys used are too large (>512 bits) not comparable to symmetric key sizes

security relies on a large enough difference in difficulty between easy (en/decrypt) and hard (to cryptanalyze) problems

requires the use of very large numbers hence is slow compared to secret key

schemes

RAIT M. Chatterjee 10

Diffie-Hellman Compute a common, shared key

Called a symmetric key exchange protocol

Based on discrete logarithm problem Given integers n and g and prime

number p, compute k such that n = gk mod p

Solutions known for small p Solutions computationally infeasible as

p grows large – hence, choose large p

RAIT M. Chatterjee 11

Diffie-Hellman Key Exchange a public-key distribution scheme

cannot be used to exchange arbitrary messages

rather it can establish a common key known only to the two participants

value of key depends on the participants (and their private and public key information)

based on exponentiation in a finite (Galois) field (modulo a prime or a polynomial) - easy

security relies on the difficulty of computing discrete logarithms (similar to factoring) – hard

RAIT M. Chatterjee 12

Diffie-Hellman SetupGenerating the Diffie-Hellman public

key The Diffie-Hellman system allows Alice

and Bob to agree on a key even when Eve is listening to everything they say to each other.

Alice and Bob need to agree on a prime number p, which they can do by simply sending it to each other.

Eve is allowed to learn this number p. In practice the number p is often simply advertised somewhere public.

RAIT M. Chatterjee 13

Generators & Public Key Given a prime number p, it is possible to come up with a

number g (the so-called generator) with a very interesting property. Every number between 1 and p-1 can be written as a power of g when calculating modulo p. For example, using p = 5 the generator is 2, because

20 = 1 21 = 2 22 = 4 23 = 3 (because 8 = 3 mod 5)

Alice and Bob agree in the same way on a generator g for the numbers between 1 and p-1.

The numbers p and g serve as the public key.

RAIT M. Chatterjee 14

Diffie-Hellman Key Exchange

Shared key, public communication No authentication of partners What’s involved?

P is a prime (about 512 bits), and g < p

P and g are publicly known

RAIT M. Chatterjee 15

Diffie-Hellman Key Exchange

ProcedureAlice Bobpick secret Sa randomly pick secret Sb

randomlycompute TA=gSa mod p compute

TB=gSb mod p

send TA to Bob send TB to Alice

compute TBSa mod p compute TA

Sb mod p

RAIT M. Chatterjee 16

Alice and Bob reached the same secret gSaSb mod p, which is then used as the shared key.

RAIT M. Chatterjee 17

DH Security - Discrete Logarithm Is Hard

T = gs mod p Conjecture: given T, g, p, it is

extremely hard to compute the value of s (discrete logarithm)

RAIT M. Chatterjee 18

Diffie-Hellman Scheme

Security factors Discrete logarithm very difficult. Shared key (the secret) itself never

transmitted.

RAIT M. Chatterjee 19

Disadvantages: Expensive exponential operation

DoS possible. The scheme itself cannot be used to

encrypt anything – it is for secret key establishment.

No authentication, so you can not sign anything …

RAIT M. Chatterjee 20

Bucket Brigade Attack...Man In The Middle

Alice Trudy BobgSa=123 gSx =654 gSb

=255 123 --> 654 -->

<--654 <--255 654Sa=123Sx 255Sx=654Sb

Trudy plays Bob to Alice and Alice to Bob

RAIT M. Chatterjee 21

Encryption With Diffie-Hellman

Everyone computes and publishes <p, g, T> T=gS mod p

Alice communicates with Bob: Alice

Picks a random secret Sa

Computes gbSa mod pb

Use Kab = TbSa mod pb to encrypt message

Send encrypted message along with gbSa

mod pb

RAIT M. Chatterjee 22

Diffie-Hellman Bob

(gbSa)Sb mod pb = (gb

Sb)Sa mod pb = TbSa

mod pb = Kab

Use Kab to decrypt

RAIT M. Chatterjee 23

Example of an attack

N=11 g=7 Alice chooses x=3 Bob chooses y=9 Trudy chooses x=8 and y=6

RAIT M. Chatterjee 24

Alice computes 73 mod 11 =2 Bob computes 79 mod 11 =8 Trudy computes 78 mod 11 =9 and 76 mod 11 = 4 Alice sends 2 to Bob….Trudy

intercepts and sends 9 Bob sends 8 to Alice….Trudy

intercepts and sends 4

RAIT M. Chatterjee 25

Alice computes K1= 43 mod 11 =9 Bob computes K2= 99 mod 11 =5

Trudy computes K1 = 88 mod 11 =5 And K2= 26 mod 11 = 9

Thus Trudy is man-in-the-middle……..